Entities use a variety of administrators to configure and maintain network resources such as routers and services. In some cases those IT administrators are honest, trustworthy individuals. Unfortunately, in other cases, administrators may have a malicious interest in administering the network. Additionally, when entities use the services of a managed service provider, contractor, or other outside assistance, it may be difficult for the entity to determine the reliability or trustworthiness of an individual before granting that individual access to network resources.
Traditionally, remote access technologies use predefined (“static”) user accounts and policies. Unfortunately, static accounts/policies can become stale. And, as companies make increasing use of contractors, off-shore solutions, and other non-permanent/ephemeral employees, the problem is compounded. Additionally, static policies are often over generous in the access they allow (e.g. allowing a contractor access to all 25 servers on an enterprise), creating unnecessary exposure/risk for the enterprise.